SMS from Zerodha?

Dorkstar1 · March 18, 2020, 6:44pm

I got the following SMS from Zerodha:

Is this really sent by Zerodha? Does anyone have any details of why this was sent?

VenuMadhav · March 18, 2020, 6:47pm

Yes, we did send this message out to our clients. It was brought to our notice that the following SMS was in circulation:

This SMS was sent by someone to perpetrate fraud. Someone created a fake webpage that resembled the Kite login webpage and was seeking information like client id, password, and mpin. Whatever details you typed out there gets stolen and the fraudster gets access to your account sensitive information.

As such, we’ve issued an advisory to all our clients not to enter any details on this webpage. Meanwhile, we’ve also filed a complaint against this webpage with the cybercrime police and have also reported it to Google and the registrar of the website.

You can help us bring down this webpage faster; here’s what we’re requesting our clients to do:

Report this phishing site to Google.

Go to https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

Enter the URL: http://zeroindiaicon.info

Enter description: This page steals credentials by imitating kite.zerodha.com , the web trading platform of India’s largest stockbroker - Zerodha Broking Limited

Mehdi_Abbas · March 19, 2020, 2:27am

The reporting have been done

Please guys follow up the procedure above to report it

Tar · March 19, 2020, 5:34am

How did the spammer got contact numbers of Zerodha customers? Have you investigated that from your end?

Vaga · March 19, 2020, 10:00am

@VenuMadhav http://zeroindiaicon.info this link redirects to https://kite.zerodha.com/dashboard. Is this right?

trader_dude · March 19, 2020, 10:04am

yes it is redirecting to kite.zerodha.com. I checked the certificate. It is indeed kite.

Why is it redirecting to kite.zerodha.com. It should be redirecting to a fake site . correct?

VenuMadhav · March 19, 2020, 10:56am

I’d said this earlier, opening a trading & Demat account in India involves multiple participants in between. When the client opens an account with any broker, the broker is required to share details of mobile number & email id to the Exchanges (BSE, NSE, MCX), Depositories (CDSL), KYC agencies, Central KYC. The Exchanges use this information to send an SMS on days that clients have traded and alerts when brokers upload client’s fund balances. The depositories use the client’s contact details to send an SMS whenever there’s a debit or credit transaction on his/her Demat account. The KYC agencies use contact information to send updates whenever an entity fetches the client’s PAN and updates the KYC. Most or almost all of these entities use third party IT solutions and SMS gateways and the leakage of phone numbers can take place at any level.

VenuMadhav · March 19, 2020, 10:58am

The redirection to kite.zerodha.com is happening from the time this post went public.

trader_dude · March 19, 2020, 11:01am

So are you saying that perhaps the scammer is watching this thread?

VenuMadhav · March 19, 2020, 12:55pm

Could be.

rohanrp786 · March 23, 2020, 4:12pm

Oh in this fraudulent get our number, thanks for explanation. Easy and Understandable.